I'm sorry if this is the wrong group to post such a question.
I have OpenLDAP (slapd version 2.4.31-1+nmu2ubuntu8) running on Ubuntu Server 14.04. The
'hostObject' objectClass is added in the OpenLDAP directory. The 'host'
attribute is added under all LDAP users, which allows users to access just those
particular hosts. The Apple schema has been added as well.
I have an Ubuntu client that authenticates users against the LDAP server. The Ubuntu client
is configured to perform host-based authentication via PAM modules. Only users that have
access to the Ubuntu client can log in, and others are denied access. I also have a Mac OS
X Mountain Lion (10.8.5) client that authenticates users against the same OpenLDAP server.
All network users can log in through the login window. I would like to restrict access to
the Mountain Lion client based on hosts, as I have on the Ubuntu client.
I tried to search for documentation on this, but didn't find anything good. Most of the
documentation suggests that network user access be controlled on the Mountain Lion client.
I'd really like to have that control on the LDAP server and not on the client. Also,
restricting network user access using 'Users & Groups' settings in System
Preferences fails. All LDAP users are blocked from login.
I have successfully tested host-based authentication on an Ubuntu Server 10.04 client that
is connected to the same LDAP server. So, I know host-based authentication works. I would
really appreciate it if anyone could shed some light on this, or point me to a document that
talks about host-based authentication on a Mac OS X Mountain Lion client.